To configure a wireless client‘s role policy and matching criteria:
The LDAP Settings tab displays by default.
LDAP Query | If LDAP attributes are enabled for the selected wireless client role policy, select an LDAP query mode of either Internal (Self) or Through Wireless Controller. Select Internal (Self) to use local LDAP server resources configured in the LDAP Server Options. |
Dead Period | When using an external LDAP server, select the Dead Period between 60 and 300 seconds. The Dead Period is the timeout value before the system will attempt to rebind with the LDAP server. |
Timeout | When using an external LDAP server, select a Timeout value to specify how long of a delay between request and responses before LDAP bind and queries will be timed out. |
ServerId | When adding or editing an LDAP server entry, enter the LDAP server ID as either 1 or 2. |
Host | When adding or editing an LDAP server entry, enter the LDAP server's fully qualified domain name or IP address in the Host field. |
Bind DN | When adding or editing an LDAP server entry, enter the LDAP server's bind distinguished name in the Bind DN field. |
Base DN | When adding or editing an LDAP server entry, enter the LDAP server's base distinguished name in the Base DN field. |
Bind Password | When adding or editing an LDAP server entry, enter the password for bind. Click the Show button to display the password. |
Port | When adding or editing an LDAP server entry, enter the LDAP server port number. To select from a list of frequently used services and their corresponding port numbers, use the drop-down menu and select a service. |
Role Name | Displays the name assigned to the client role policy when it was initially created. |
Precedence | Displays the precedence number associated with each role. Precedence numbers determine the order a role is applied. Roles with lower numbers are applied before those with higher numbers. Precedence numbers are assigned when a role is created or modified, and two or more roles can share the same precedence. |
Bonjour provides a method to discover services on a LAN. Bonjour allows users to set up a network without any configuration. Services such as printers, scanners and file-sharing servers can be found using Bonjour. Bonjour only works within a single broadcast domain. However, with a special DNS configuration, it can be extended to find services across broadcast domains.
Note
The WiNG 7.1 release does not provide support for Bonjour feature on AP505 and AP510 model access points. This feature will be supported in future releases.AP Location | Use the drop-down menu to specify the
location of an access point matched in
an RF domain or the access point‘s
resident configuration. Select one of
the following filter options:
|
SSID Configuration | Use the drop-down menu to define a
wireless client filter option based on
how the SSID is specified in a WLAN.
Select one of the following options:
|
Group Configuration | Use the drop-down menu to define a
wireless client filter option based on
how the RADIUS group name matches the
provided expression. Select one of the
following options:
|
RADIUS User | Use the drop-down menu to define a
filter option based on how the RADIUS
user name (1-255 characters in length)
matches the provided expression. Select
one of the following options:
|
City | Enter a 2-31 character name of the city filtered in the role. |
Company | Enter a 2-31 character name of the organizational company filtered in the role. |
Country | Enter a 2-31 character name of the country (co) filtered in the role. |
Department | Enter a 2-31 character name of the organizational department filtered in the role. |
Enter a 2-31 character name of the Email address filtered in the role. | |
Employee Id | Enter a 2-31 character name of the employee ID filtered in the role. |
State | Enter a 2-31 character name of the state filtered in the role. |
Title | Enter a 2-31 character name of the job or organizational title filtered in the role. |
Member Of | Provide a 64 character maximum description of the group membership in the role. |
A firewall is a mechanism enforcing access control, and is considered a first line of defense in protecting proprietary information within the network. The means by which this is accomplished varies, but in principle, a firewall can be thought of as mechanisms both blocking and permitting data traffic based on inbound and outbound IP and MAC rules.
IP-based firewall rules are specific to source and destination IP addresses and the unique rules and precedence orders assigned. Both IP and non-IP traffic on the same Layer 2 interface can be filtered by applying both an IP ACL and a MAC.
Additionally, administrators can filter Layer 2 traffic on a physical Layer 2 interface using MAC addresses. A MAC firewall rule uses source and destination MAC addresses for matching operations, where the result is a typical allow, deny, or mark designation to packet traffic.